SOI-ASIA Unofficial Operators Meeting 10 May 2004.


AI3 Security Policy
Basics
–Moderately independent site by site
–Self defense

User Account Management
Account creation
–No user password for local operators
–If necessary, allow user password for foreign operators
A case when we allow user password
–A foreign operator needs root authority
–Su2 / sudo
  –An operator can become root with the user password, without the root password

Remote Access Administration
SSH
–Prohibit root login
–Prohibit password authentication
–Use public key authentication
  –RSA authentication for SSH1
  –RSA or DSA authentication for SSH2

RSA / DSA
Public key authentication methods
RSA (Rivest, Shamir, Adleman)
–Based on the difficulty of factoring a large number into its prime factors
DSA (Digital Signature Algorithm)
–Developed as an extension of ElGamal

Actual Work Flow (New User / Host Operator)
(1) Create RSA / DSA key pair
    Request a new account, attaching the public key
(2) Create a new account and put the public key in the host
(3) Try the new account
    Send notification

Step 1: Create RSA/DSA Key Pair
On Windows PC
–Use puttygen
On Unix PC
–Use ssh-keygen from the OpenSSH suite
Do we have to create a separate RSA/DSA key pair for every remote host?
–I don't think so.
–The private key has to be kept safely on your PC.
–The public key can be shared with remote hosts.
  –Put the public key on the WEB site?
  –Send the public key by ?

Puttygen (1): Generate key pair

Puttygen (2): Save keys

Puttygen (3): Save keys

Puttygen (4): Save keys

Step 2: Create a new account and put the public key in the host
Where do we put the public key?
–~/.ssh/
What is the file name?
–~/.ssh/authorized_keys
What do we have to take care of?
–The owner of authorized_keys should be the correct user.

Create a New User Account

Put the Public Key

Change the Directory Permission
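
The key installation from Step 2, as an added example that is not part of the original slides. The helper names (mode_owner, install_pubkey, key_perms_ok), the throwaway demo directory and the placeholder key line are assumptions; the owner is passed as a numeric UID (for example from "id -u USER").

```shell
#!/bin/sh
# Hypothetical helpers for Step 2; not taken from the slides.

# Print "<octal mode> <owner uid>" for a path (GNU stat first, then BSD stat).
mode_owner() {
    stat -c '%a %u' "$1" 2>/dev/null || stat -f '%Lp %u' "$1"
}

# install_pubkey HOME_DIR OWNER_UID PUBKEY_FILE
install_pubkey() {
    home=$1 owner=$2 pub=$3
    mkdir -p "$home/.ssh"
    touch "$home/.ssh/authorized_keys"
    # Append instead of overwriting, and skip a key that is already listed.
    grep -qxF "$(cat "$pub")" "$home/.ssh/authorized_keys" ||
        cat "$pub" >> "$home/.ssh/authorized_keys"
    # The account itself must own the directory and the file.
    chown "$owner" "$home/.ssh" "$home/.ssh/authorized_keys"
    chmod 700 "$home/.ssh"
    chmod 600 "$home/.ssh/authorized_keys"
}

# Return 0 only if owner and modes are as set above; this is the kind of
# ownership/permission problem sshd's StrictModes check rejects a login for.
key_perms_ok() {
    [ "$(mode_owner "$1/.ssh")" = "700 $2" ] &&
    [ "$(mode_owner "$1/.ssh/authorized_keys")" = "600 $2" ]
}

# Constructed demo: a temporary "home" directory and a placeholder key line.
demo_home=$(mktemp -d)
echo 'ssh-rsa AAAAB3PLACEHOLDERKEY newuser@example' > "$demo_home/id_rsa.pub"
install_pubkey "$demo_home" "$(id -u)" "$demo_home/id_rsa.pub"
key_perms_ok "$demo_home" "$(id -u)" && echo "authorized_keys is correctly owned and private"
```

On a real host the operator runs install_pubkey as root with the new account's home directory and UID.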

Step 3: Try the new account
Major SSH clients
–PuTTY
–TeraTerm with TTSSH
PuTTY
–SSH1 RSA
–SSH2 RSA, DSA
TeraTerm with TTSSH
–SSH1 RSA only

PuTTY (1)

PuTTY (2)

PuTTY (3)

PuTTY (4)

PuTTY (5)

Sshd Operation
Sshd configuration file
–/usr/local/etc/sshd_config
Points
–No root login
–No password authentication
After editing sshd_config, restart sshd.

No Root Login

No Password Authentication
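
A check for the two sshd_config points above, as an added example that is not part of the original slides. The function names and the two sample files are constructed for illustration; the script relies on sshd using the first value it reads for a keyword.

```shell
#!/bin/sh
# Hypothetical audit helpers; not taken from the slides.

# Print the effective global value of keyword $2 in file $1, or "unset".
# Only the first uncommented occurrence before any Match block counts.
sshd_value() {
    awk -v key="$2" '
        { sub(/#.*/, "") }                 # drop comments
        NF == 0 { next }                   # skip blank lines
        tolower($1) == "match" { exit }    # conditional section starts here
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Return 0 only if root login and password authentication are both
# explicitly disabled; an unset keyword is reported as a failure.
audit_sshd_config() {
    rc=0
    for key in PermitRootLogin PasswordAuthentication; do
        val=$(sshd_value "$1" "$key")
        if [ "$val" = "no" ]; then
            echo "ok:   $key no"
        else
            echo "FAIL: $key is '$val' (want an explicit 'no')"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample files. In "weak" the commented line is ignored and the
# first live PermitRootLogin line (yes) wins over the later "no".
tmp=$(mktemp -d)
cat > "$tmp/weak" <<'EOF'
#PermitRootLogin no
PermitRootLogin yes
PermitRootLogin no
EOF
cat > "$tmp/hardened" <<'EOF'
PermitRootLogin no
PasswordAuthentication no
EOF
audit_sshd_config "$tmp/weak" || echo "weak config rejected"
audit_sshd_config "$tmp/hardened" && echo "hardened config accepted"
```

On the hosts described here the file to audit is /usr/local/etc/sshd_config. PasswordAuthentication does not cover keyboard-interactive (PAM) password prompts, which are controlled separately by ChallengeResponseAuthentication / KbdInteractiveAuthentication.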

Tips: Let's mount FDD on FreeBSD
liverpool# mount /dev/fd /mnt/fdd
liverpool# cd /mnt/fdd
liverpool# ls
boot kernel.gz
liverpool#